Fire

  1. Fantastic job! Thank you very much and keep it up!
  2. Hello d4rkdz. Try this and it'll work for you:

         Run(@ComSpec & " /c RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255", "", @SW_HIDE)
  3. Hello dude. If it contains some confidential data such as logins || passwords etc. you'll first need to encrypt it, or at least you'll need to store that file in a database such as MySQL, Postgres etc. So, it's your choice and your responsibility. OK, here is the basic idea for you: edit: OMG somehow my post disappeared from the forum. Rolling back and copy/pasting it on pastebin: http://pastebin.com/8tTmqq4T
  4. In itself the select privilege is enough to completely overwhelm a remote MySQL server if your application is vulnerable. Think about what will happen if a client manages to submit 20~30 benchmark() calls to the MySQL server using your vulnerable client program. Even if you revoke all *privileges* from the MySQL user except the select privilege, "union"-ing will do its own job. (So confidentiality will be broken as well.) The best practice for programmers is to sanitise and validate user input. As I pointed out before, in our situation AutoIt works something like this:

         May be Malicious user ____________ INPUT ____________ Autoit Application ____________ STAGE 3 ____________ MYSQL SERVER

     Notice the flaw in this scenario: there is no mechanism to *additionally* sanitise user input on STAGE 3 (missing server-side validation/sanitisation). IMO more secure than the first example:

         May be Malicious user ____________ INPUT ____________ Autoit Application ____________ VERIFY AND VALIDATE IN EX USING PHP(Webserver) ____________ MYSQL SERVER

     But it requires a lot of work.
  5. Very awesome UDF. Thanks a lot ProgAndy. Here are a few tips for users. This is a user input:

         $ds='uid`=7 or sleep(100)-- and ';

     Your application is vulnerable if your input refers to a column name, even if it's escaped (because mysql_real_escape_string() simply escapes ' and \ plus some unicodes but not `).

         $s=_mysql_real_escape_string($connected,$ds);
         $query = "SELECT * FROM userstbl where `" & $s & "`='blah'"

     Another scenario. Again vulnerable:

         $ds='sleep(10)--';
         $s=_mysql_real_escape_string($connected,$ds);
         $query = "SELECT * FROM userstbl where uid=" & $s
         ConsoleWrite($query & @CRLF & @CRLF)

     The second example isn't vulnerable if you properly typecast in ex the user input to an integer (if you expect an integer from user input, of course):

         $ds=Int('sleep(10)--');

     So always use the

         $s=_mysql_real_escape_string($connected,$ds);
         $query = "SELECT * FROM `userstbl` where `uid`='" & $s & "'"

     style, and if possible do not use user input as a reference to column names. (In itself it's bad style.) (If you do, or you need to do that, validate it using whitelisting: check whether the user input exists in your array.) On the other hand, here we deal with client and MySQL server. (Missing server-side validation/sanitisation in this case.) It's not secure anymore if your client manages to modify your program or somehow manages man-in-the-middle attacks. You can't do anything in this case. It will look something like "validating authentication using JavaScript on the login page". If I'm wrong please correct me. Thanks.
  6. Hi. I'm not sure what you are trying to do (my bad English) but I think you can use Alternate Data Streams in Windows. Anyway, check it out: http://www.flexhex.com/docs/articles/alternate-streams.phtml I think maybe it'll help you.
  7. Great thanks AdmiralManHairAlkex. Yes, I'm using Win XP SP2 32 bit, RAM: 1.5 GB DDR2. Thanks to all again. I greatly appreciate the help!
  8. Thank you very much forumer100 & jchd for your reply. But for now I'm going to completely remove that $progress from my script, because I can't handle it in this way. Also I found another solution (MS-DOS):

         findstr /R /N "^" log.txt | find /C ":"

     from: Count of Lines in file with DOS. This is similar to _FileCountLines($logfile) and will output the maximum number of lines in the file. It may be useful, I think. But it is very slow in my situation too :( (reason: very big log file). BTW: What is the reason for Error Allocating Memory? In fact _FileCountLines() is unable to parse that large file. Any limitations for _FileCountLines()? Thanks to all. edit: link
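
The two defences post 5 describes (checking a column name against a whitelist, and accepting only an integer where an integer is expected), sketched in AutoIt as an added example that is not part of any post on this page. The function names and the `login` column are hypothetical; the two rejected inputs are the ones quoted in post 5.

```autoit
; Added example: validate identifiers and integers before any query text is built.
; No database connection is needed; the script only prints the resulting query.

; Return the back-quoted column name if it is on the whitelist, else set @error.
Func _SafeColumn($sName)
    Local $aAllowed[2] = ["uid", "login"] ; constructed whitelist ("login" is assumed)
    For $i = 0 To UBound($aAllowed) - 1
        ; == is a case-sensitive string comparison; emit the whitelist entry,
        ; never the caller's string.
        If $sName == $aAllowed[$i] Then Return "`" & $aAllowed[$i] & "`"
    Next
    Return SetError(1, 0, "")
EndFunc

; Accept only 1-10 decimal digits; reject everything else instead of casting it.
Func _SafeInt($sInput)
    If Not StringRegExp($sInput, "^\d{1,10}\z") Then Return SetError(1, 0, 0)
    Return Int($sInput)
EndFunc

; Build the query only from validated parts. @error = 1: bad column, 2: bad id.
Func _BuildUserQuery($sColumn, $sId)
    Local $sCol = _SafeColumn($sColumn)
    If @error Then Return SetError(1, 0, "")
    Local $iId = _SafeInt($sId)
    If @error Then Return SetError(2, 0, "")
    Return "SELECT * FROM `userstbl` WHERE " & $sCol & "=" & $iId
EndFunc

; One well-formed request, then the two inputs from post 5.
Local $aTests[3][2] = [["uid", "7"], _
        ["uid`=7 or sleep(100)-- and ", "7"], _
        ["uid", "sleep(10)--"]]
For $i = 0 To UBound($aTests) - 1
    Local $sQuery = _BuildUserQuery($aTests[$i][0], $aTests[$i][1])
    If @error Then
        ConsoleWrite("rejected, error " & @error & @CRLF)
    Else
        ConsoleWrite($sQuery & @CRLF)
    EndIf
Next
```

String values that are not identifiers or integers still go through `_mysql_real_escape_string()` and quoted placement as in the post; this check covers only the two positions where escaping alone does not help.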